CVE Daily
← All years

All CVEs — 2007

Page 4/18.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2007-11-26
High

CVE-2007-6127

Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-6130

gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2007-6129

Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.…

CVSS: 5.8 CWE: CWE-20
Read more
High

CVE-2007-6128

SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-6126

Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2007-6125

SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-6124

Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-6122

The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some o…

CVSS: 5.0 CWE: CWE-20
Read more
2007-11-23
High

CVE-2007-6106

SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-6121

Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2007-6120

The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

CVSS: 5.0 CWE: CWE-119
Read more
Critical

CVE-2007-6114

Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissec…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2007-6112

Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2007-6110

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2007-6115

Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2007-6105

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php…

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2007-6103

I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2007-6102

Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-6101

Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a bla…

CVSS: 4.0 CWE: CWE-20
Read more
Low

CVE-2007-6100

Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to injec…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2007-6104

Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: CWE-79
Read more
2007-11-22
Critical

CVE-2007-6089

PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2007-6095

The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might…

CVSS: 4.0 CWE: CWE-200
Read more
Medium

CVE-2007-6094

The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that…

CVSS: 4.3 CWE: CWE-20
Read more
High

CVE-2007-6093

The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expect…

CVSS: 7.1 CWE: CWE-20
Read more
Critical

CVE-2007-6092

Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2007-6091

Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute ar…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-6090

Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this informat…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2007-6088

PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path par…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2007-6087

Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module.

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2007-6086

Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.

CVSS: 9.3 CWE: CWE-22
Read more
Medium

CVE-2007-6085

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_cha…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2007-6084

SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2007-6083

SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2007-6082

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can…

CVSS: 9.3 CWE: CWE-94
Read more
2007-11-21
High

CVE-2007-6078

Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involvin…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-6079

Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter…

CVSS: 6.8 CWE: CWE-22
Read more
High

CVE-2007-6080

SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later re…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-6077

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively c…

CVSS: 6.8 CWE: CWE-362
Read more
Medium

CVE-2007-6063

Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.

CVSS: 6.9 CWE: CWE-119
Read more
2007-11-20
Medium

CVE-2007-6061

Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlo…

CVSS: 5.0 CWE: CWE-59
Read more
Medium

CVE-2007-6062

irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2007-6058

Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-co…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2007-6060

AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a d…

CVSS: 9.3 CWE: CWE-20
Read more
Medium

CVE-2007-6054

Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-6057

PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg paramete…

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2007-6055

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-5899

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive in…

CVSS: 4.3 CWE: CWE-200
Read more
Low

CVE-2007-6039

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter…

CVSS: 2.1 CWE: CWE-20
Read more
High

CVE-2007-6041

Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and p…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2007-6042

PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the…

CVSS: 6.8 CWE: CWE-94
Read more
High

CVE-2007-6043

The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as d…

CVSS: 7.1 CWE: CWE-200
Read more
High

CVE-2007-6035

SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2007-6036

The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative…

CVSS: 7.1 CWE: CWE-20
Read more
Medium

CVE-2007-6037

Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and o…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-6038

PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_a…

CVSS: 6.8 CWE: CWE-94
Read more
High

CVE-2007-6033

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitra…

CVSS: 8.8 CWE: CWE-732
Read more
High

CVE-2007-6032

SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2007-6029

Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulner…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2007-6027

PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a UR…

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2007-6028

Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitra…

CVSS: 6.8 CWE: CWE-119
Read more
Critical

CVE-2007-6026

Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary co…

CVSS: 9.3 CWE: CWE-119
Read more
2007-11-19
High

CVE-2007-6025

Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.

CVSS: 7.1 CWE: CWE-119
Read more
Critical

CVE-2007-6013

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gen…

CVSS: 9.8 CWE: CWE-327
Read more
2007-11-16
High

CVE-2007-6012

SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2007-4572

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mails…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2007-5398

Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arb…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2007-6011

Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: th…

CVSS: 10.0 CWE: CWE-287
Read more
2007-11-15
High

CVE-2007-6010

Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this…

CVSS: 7.8 CWE: CWE-20
Read more
Medium

CVE-2007-6003

Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter.…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2007-6006

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

CVSS: 10.0 CWE: CWE-287
Read more
Medium

CVE-2007-6002

Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search fiel…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2007-6004

Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid paramete…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2007-5999

SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-6007

Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute…

CVSS: 6.8 CWE: CWE-119
Read more
Critical

CVE-2007-6008

Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type h…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2007-6009

Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl.…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2007-6001

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid p…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2007-4344

Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary co…

CVSS: 9.3 CWE: CWE-20
Read more
Medium

CVE-2007-5998

SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2007-5993

Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the sear…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-5990

Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2007-5991

SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2007-5992

SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-5997

SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2007-5994

PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a…

CVSS: 6.8 CWE: CWE-94
Read more
High

CVE-2007-5996

SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-5995

PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.

CVSS: 6.8 CWE: CWE-94
Read more
High

CVE-2007-3749

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary c…

CVSS: 7.8 CWE: CWE-665
Read more
Medium

CVE-2007-4684

Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.

CVSS: 6.9 CWE: CWE-119
Read more
Medium

CVE-2007-4696

Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

CVSS: 4.3 CWE: CWE-362
Read more
Medium

CVE-2007-4695

Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.

CVSS: 4.3 CWE: CWE-20
Read more
High

CVE-2007-4693

The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to…

CVSS: 7.2 CWE: CWE-287
Read more
Medium

CVE-2007-4688

The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2007-4267

Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to…

CVSS: 7.2 CWE: CWE-119
Read more
Medium

CVE-2007-4683

Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working director…

CVSS: 4.6 CWE: CWE-22
Read more
Medium

CVE-2007-4681

Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a craft…

CVSS: 6.9 CWE: CWE-119
Read more
Medium

CVE-2007-4680

CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.

CVSS: 6.8 CWE: CWE-287
Read more
High

CVE-2007-4268

Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which s…

CVSS: 7.8 CWE: CWE-681
Read more
Medium

CVE-2007-4682

CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access…

CVSS: 6.8 CWE: CWE-824
Read more
High

CVE-2007-5978

SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2007-5986

SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-5985

Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2007-5984

classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index…

CVSS: 7.8 CWE: CWE-20
Read more
Medium

CVE-2007-5983

Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-5980

Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-5979

Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-5982

Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to so…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2007-5977

Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2007-5976

SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2007-4692

The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly…

CVSS: 4.3 CWE: CWE-287
Read more
Medium

CVE-2007-5975

SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NO…

CVSS: 6.5 CWE: CWE-89
Read more
High

CVE-2007-5974

SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2007-5973

SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2007-4698

Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associa…

CVSS: 4.3 CWE: CWE-79
Read more
2007-11-14
Medium

CVE-2007-3694

Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2007-5956

Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal s…

CVSS: 7.2 CWE: CWE-22
Read more
Medium

CVE-2007-5955

Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-5947

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have t…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2007-5954

Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this inform…

CVSS: 6.1 CWE: CWE-79
Read more